Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Atlassian Confluence < 5.8.6 Server-Side Request Forgery" module is designed to detect a blind server-side request forgery vulnerability in the widgetconnector plugin of Atlassian Confluence versions prior to 5.8.6. This vulnerability can allow an attacker to manipulate server-side requests and potentially access sensitive information or perform unauthorized actions.
Atlassian Confluence is a collaboration software that allows teams to create, organize, and discuss work in one place. This module specifically targets versions of Confluence that are vulnerable to server-side request forgery.
The severity of this vulnerability is classified as medium.
If successfully exploited, the server-side request forgery vulnerability in Atlassian Confluence can lead to unauthorized access to sensitive information or the execution of unauthorized actions. This can potentially result in data breaches, unauthorized modifications, or other security incidents.
The module works by sending a specific HTTP request to the target Confluence instance. The request is designed to trigger the server-side request forgery vulnerability in the widgetconnector plugin. The module then analyzes the response to determine if the vulnerability is present.
One example of an HTTP request sent by the module is:
GET /rest/sharelinks/1.0/link?url=https://{%InteractionURL%}/
The module uses several matching conditions to identify the presence of the vulnerability. These conditions include checking for specific words in the response body, such as "faviconURL" and "domain," as well as verifying that the response status is 200.
If all the matching conditions are met, the module reports the vulnerability as detected.